First published: Tue Apr 01 2008
The Common UNIX Printing System (CUPS) provides a portable printing layer for UNIX(R) operating systems.

A heap buffer overflow flaw was found in a CUPS administration interface CGI script. A local attacker able to connect to the IPP port (TCP port 631) could send a malicious request causing the script to crash or, potentially, execute arbitrary code as the "lp" user. Please note: the default CUPS configuration in Red Hat Enterprise Linux 5 does not allow remote connections to the IPP TCP port. (CVE-2008-0047)

Red Hat would like to thank "regenrecht" for reporting this issue.

This issue did not affect the versions of CUPS as shipped with Red Hat Enterprise Linux 3 or 4.

Two overflows were discovered in the HP-GL/2-to-PostScript filter. An attacker could create a malicious HP-GL/2 file that could possibly execute arbitrary code as the "lp" user if the file is printed. (CVE-2008-0053)

A buffer overflow flaw was discovered in the GIF decoding routines used by the CUPS image converting filters "imagetops" and "imagetoraster". An attacker could create a malicious GIF file that could possibly execute arbitrary code as the "lp" user if the file was printed. (CVE-2008-1373)

All CUPS users are advised to upgrade to these updated packages, which contain backported patches to resolve these issues.
Affected Software | Affected Version | How to fix |
---|---|---|
redhat/cups | <1.2.4-11.14.el5_1.6 | 1.2.4-11.14.el5_1.6 |
redhat/cups-devel | <1.2.4-11.14.el5_1.6 | 1.2.4-11.14.el5_1.6 |
redhat/cups-libs | <1.2.4-11.14.el5_1.6 | 1.2.4-11.14.el5_1.6 |
redhat/cups-lpd | <1.2.4-11.14.el5_1.6 | 1.2.4-11.14.el5_1.6 |
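One way to verify on a RHEL 5 host that the affected packages are at or above the fixed version in the table above, as an added example (not Red Hat's own tooling): a version comparison modelled on rpm's EVR ordering, run over `rpm -q` output. The `--qf` format string and the sample output are assumptions constructed for illustration.

```python
import re

FIXED_VR = "1.2.4-11.14.el5_1.6"  # fixed version from the advisory table
AFFECTED = {"cups", "cups-devel", "cups-libs", "cups-lpd"}
_SEG = re.compile(r"[0-9]+|[A-Za-z]+")

def rpmvercmp(a, b):
    """Segment-wise compare modelled on librpm's rpmvercmp(): numbers compare as
    integers, letters lexically, numeric beats alphabetic; returns -1, 0 or 1."""
    sa, sb = _SEG.findall(a), _SEG.findall(b)
    for x, y in zip(sa, sb):
        if x.isdigit() and y.isdigit():
            if int(x) != int(y):
                return -1 if int(x) < int(y) else 1
        elif x.isdigit() != y.isdigit():
            return 1 if x.isdigit() else -1
        elif x != y:
            return -1 if x < y else 1
    if len(sa) != len(sb):  # shared segments equal: the longer one is newer
        return -1 if len(sa) < len(sb) else 1
    return 0

def split_evr(evr):
    """'1:1.2.4-11.14.el5_1.6' -> ('1', '1.2.4', '11.14.el5_1.6'); epoch None if absent."""
    epoch, _, rest = evr.rpartition(":")  # epoch is '' when there is no ':'
    version, _, release = rest.partition("-")
    return (None if epoch in ("", "(none)") else epoch), version, release

def evr_cmp(a, b):
    ea, va, ra = split_evr(a)
    eb, vb, rb = split_evr(b)
    # The advisory lists no epoch, so epochs only count when both are known.
    if ea is not None and eb is not None and rpmvercmp(ea, eb):
        return rpmvercmp(ea, eb)
    return rpmvercmp(va, vb) or rpmvercmp(ra, rb)

def vulnerable_packages(rpm_output):
    """Parse `rpm -q --qf '%{NAME} %{EPOCH}:%{VERSION}-%{RELEASE}\\n' ...` output."""
    found = []
    for line in rpm_output.splitlines():
        name, _, evr = line.strip().partition(" ")
        if name in AFFECTED and evr_cmp(evr, FIXED_VR) < 0:
            found.append(name)
    return found

# Constructed sample output, not from a real host.
SAMPLE = """cups 1:1.2.4-11.14.el5_1.5
cups-lpd (none):1.2.4-11.14.el5_1.10
cups-devel (none):1.2.4-11.14.el5
"""
```

A plain string comparison would wrongly flag release `el5_1.10` as older than `el5_1.6`; the segment-wise compare handles it.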